Every day there are more threats to cybersecurity, and not a day goes by without a new story about some kind of data breach or theft. Those of us who own or manage small and medium-sized businesses know that cyber security is crucial and that we must pay attention to these issues. The problem is knowing where to start.
Cybersecurity can be overwhelming and tremendously complicated. Not all managers or owners of small businesses have a technical background, so navigating all the technical jargon and conflicting information can be confusing even to those most determined to deal with the problem.
We have created this guide precisely for these people. If you are a busy manager or have a heavy schedule of daily tasks involved in running your business, you don’t have time to become an advanced expert in all aspects of cyber security.
However, if you pay attention to this guide and work with your team (your employees and those you hire to manage your hardware, software, and networks) to implement the security measures we describe here, you will be able to sleep better at night.
Protecting your business isn’t as difficult as many experts claim it is; with a little patience and guidance you’ll be able to implement the most effective security measures in your small business.
Determine your vulnerabilities
The first step in protecting yourself from Internet threats is to determine what your vulnerabilities are (if you don’t know what your weaknesses are, how will you be able to fix them; if you don’t know what data your business stores, how will you protect it?)
Start by identifying the “crown jewels” of your business data – what is the most important data your business stores?
It could be anything from your intellectual property to customer information, inventory, financial information, etc. Where do you keep all this data? Once you have the answers to these questions, you can start thinking about the risks your data is exposed to.
Carefully analyse all the processes, both yours and those of your staff, by which you collect, store and delete this data. Think about all the points through which this data circulates, every point where it could leak or be stolen. Analyze the consequences of a cyber security breach for you, your employees, your customers and your partners, and then start taking precautions.
Protect your equipment and devices
Your computers and other devices are the portals through which virtually everything that makes your business work is done.
However, because these devices are connected to the Internet and a local network, they are vulnerable to attack. Here are our guidelines for improving your security across the spectrum of your company’s computer systems.
Update the software
The first (and probably easiest) step in ensuring that your systems are not vulnerable to attack is to keep your software up to date. You should always have the latest version of the software on which your business depends.
Hackers spend their time looking for bugs in popular software, exploiting security holes and bugs to get into the system. They do this for all sorts of reasons: to make money, for political reasons or simply because they can.
This type of intrusion can cause incalculable damage to your business: hackers could steal your customers’ credit card details from your website or steal passwords from your computer. This could cause serious problems for your business.
Microsoft and other software companies are always looking for vulnerabilities in their software. When they find one, they release an update that fixes it for their users. Making sure you download these updates whenever they are released is so simple that you wonder why so many companies are not careful about it.
Before the attack Microsoft released a patch, an update that fixed the problem, but many system administrators did not install it and suffered this massive attack. Fortunately the attack was stopped, but this is not always the case. The easiest way to avoid becoming the next victim of hackers is to keep your software updated.
Protect yourself from viruses
Viruses are malicious programs that infect your computer without warning. They can do many things, but they usually get access to your files and delete or modify them. Viruses spread quickly by replicating and sending themselves to others on your contact list.
If a computer on the network becomes infected, the virus can spread quickly through all of your company’s computers, causing significant data loss. If you communicate with your customers by email (which most of us do), you run the risk of infecting them too.
Malware and ransomware are the two most dangerous types of viruses in circulation today. There are some differences between malware and ransomware.
The word malware comes from malicious software, and what it does is trick the victim into downloading certain software, which allows access to the victim’s computer. It can track what you do on your computer, steal confidential information or spread spam through email.
Ransomware is a specific type of malware that blocks your computer and prevents access to important files until you pay the ransom.
There are a number of steps you can take to avoid infecting your computer with viruses. First, install anti-virus software on all computers in the office. Anti-virus programs scan incoming e-mail messages, as well as all files on your computer, and delete or quarantine any viruses they find.
Hackers are always creating new viruses, so you should update your anti-virus software frequently. The best anti-viruses include a feature that instructs your computer to download updates automatically.
You should ensure that your staff are aware that they should not open suspicious files and that they should delete any attachments in emails from sources they do not recognise as trustworthy.
Accessing the Internet using a VPN is also an improvement in security. VPNs make it extremely difficult for hackers to track your computer or encrypt your data, as they allow you to access the Internet anonymously and encrypt all of your traffic data. A good VPN provider will send you a security warning when you try to access suspicious URLs.